| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ | 5 #ifndef CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ |
| 6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ | 6 #define CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ |
| 7 | 7 |
| 8 #include <map> |
| 9 #include <vector> |
| 10 |
| 8 #include "base/memory/ref_counted.h" | 11 #include "base/memory/ref_counted.h" |
| 9 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/string16.h" | 13 #include "base/string16.h" |
| 14 #include "base/synchronization/lock.h" |
| 15 #include "chrome/common/extensions/permissions/api_permission.h" |
| 16 #include "chrome/common/extensions/permissions/permission_message.h" |
| 17 |
| 18 class GURL; |
| 11 | 19 |
| 12 namespace extensions { | 20 namespace extensions { |
| 13 | 21 |
| 14 class PermissionSet; | 22 class PermissionSet; |
| 15 class APIPermissionSet; | 23 class APIPermissionSet; |
| 16 class Extension; | 24 class Extension; |
| 25 class URLPatternSet; |
| 26 class UserScript; |
| 17 | 27 |
| 18 // A container for the permissions data of the extension; also responsible for | 28 // A container for the permissions data of the extension; also responsible for |
| 19 // parsing the "permissions" and "optional_permissions" manifest keys. | 29 // parsing the "permissions" and "optional_permissions" manifest keys. This |
| 20 // This class holds the permissions which were established in the extension's | 30 // class also contains the active (runtime) permissions for the extension. |
| 21 // manifest; the runtime extensions of the extension (which may be different) | |
| 22 // are stored in Extension::RuntimeData. | |
| 23 class PermissionsData { | 31 class PermissionsData { |
| 24 public: | 32 public: |
| 25 PermissionsData(); | 33 PermissionsData(); |
| 26 ~PermissionsData(); | 34 ~PermissionsData(); |
| 27 | 35 |
| 28 // Parse the permissions of a given extension in the initialization process. | |
| 29 bool ParsePermissions(Extension* extension, string16* error); | |
| 30 | |
| 31 // Finalize permissions after the initialization process completes. | |
| 32 void FinalizePermissions(Extension* extension); | |
| 33 | |
| 34 // Return the optional or required permission set for the given |extension|. | 36 // Return the optional or required permission set for the given |extension|. |
| 35 static const PermissionSet* GetOptionalPermissions( | 37 static const PermissionSet* GetOptionalPermissions( |
| 36 const Extension* extension); | 38 const Extension* extension); |
| 37 static const PermissionSet* GetRequiredPermissions( | 39 static const PermissionSet* GetRequiredPermissions( |
| 38 const Extension* extension); | 40 const Extension* extension); |
| 39 | 41 |
| 40 // Return the temporary API permission set which is used during extension | 42 // Return the temporary API permission set which is used during extension |
| 41 // initialization. Once initialization completes, this is NULL. | 43 // initialization. Once initialization completes, this is NULL. |
| 42 static const APIPermissionSet* GetInitialAPIPermissions( | 44 static const APIPermissionSet* GetInitialAPIPermissions( |
| 43 const Extension* extension); | 45 const Extension* extension); |
| 44 static APIPermissionSet* GetInitialAPIPermissions(Extension* extension); | 46 static APIPermissionSet* GetInitialAPIPermissions(Extension* extension); |
| 45 | 47 |
| 48 // Return the active (runtime) permissions for the given |extension|. |
| 49 static scoped_refptr<const PermissionSet> GetActivePermissions( |
| 50 const Extension* extension); |
| 51 // Sets the runtime permissions of the given |extension| to |permissions|. |
| 52 static void SetActivePermissions(const Extension* extension, |
| 53 const PermissionSet* active); |
| 54 |
| 55 // Gets the tab-specific host permissions of |tab_id|, or NULL if there |
| 56 // aren't any. |
| 57 static scoped_refptr<const PermissionSet> GetTabSpecificPermissions( |
| 58 const Extension* extension, |
| 59 int tab_id); |
| 60 // Updates the tab-specific permissions of |tab_id| to include those from |
| 61 // |permissions|. |
| 62 static void UpdateTabSpecificPermissions( |
| 63 const Extension* extension, |
| 64 int tab_id, |
| 65 scoped_refptr<const PermissionSet> permissions); |
| 66 // Clears the tab-specific permissions of |tab_id|. |
| 67 static void ClearTabSpecificPermissions(const Extension* extension, |
| 68 int tab_id); |
| 69 |
| 70 // Returns true if the |extension| has the given |permission|. Prefer |
| 71 // IsExtensionWithPermissionOrSuggestInConsole when developers may be using an |
| 72 // api that requires a permission they didn't know about, e.g. open web apis. |
| 73 static bool HasAPIPermission(const Extension* extension, |
| 74 APIPermission::ID permission); |
| 75 static bool HasAPIPermission(const Extension* extension, |
| 76 const std::string& function_name); |
| 77 static bool HasAPIPermissionForTab(const Extension* extension, |
| 78 int tab_id, |
| 79 APIPermission::ID permission); |
| 80 |
| 81 static bool CheckAPIPermissionWithParam( |
| 82 const Extension* extension, |
| 83 APIPermission::ID permission, |
| 84 const APIPermission::CheckParam* param); |
| 85 |
| 86 static const URLPatternSet& GetEffectiveHostPermissions( |
| 87 const Extension* extension); |
| 88 |
| 89 // Returns true if the |extension| can silently increase its permission level. |
| 90 // Users must approve permissions for unpacked and packed extensions in the |
| 91 // following situations: |
| 92 // - when installing or upgrading packed extensions |
| 93 // - when installing unpacked extensions that have NPAPI plugins |
| 94 // - when either type of extension requests optional permissions |
| 95 static bool CanSilentlyIncreasePermissions(const Extension* extension); |
| 96 |
| 97 // Returns true if the extension does not require permission warnings |
| 98 // to be displayed at install time. |
| 99 static bool ShouldSkipPermissionWarnings(const Extension* extension); |
| 100 |
| 101 // Whether the |extension| has access to the given |url|. |
| 102 static bool HasHostPermission(const Extension* extension, const GURL& url); |
| 103 |
| 104 // Whether the |extension| has effective access to all hosts. This is true if |
| 105 // there is a content script that matches all hosts, if there is a host |
| 106 // permission grants access to all hosts (like <all_urls>) or an api |
| 107 // permission that effectively grants access to all hosts (e.g. proxy, |
| 108 // network, etc.) |
| 109 static bool HasEffectiveAccessToAllHosts(const Extension* extension); |
| 110 |
| 111 // Returns the full list of permission messages that the given |extension| |
| 112 // should display at install time. |
| 113 static PermissionMessages GetPermissionMessages(const Extension* extension); |
| 114 // Returns the full list of permission messages that the given |extension| |
| 115 // should display at install time. The messages are returned as strings |
| 116 // for convenience. |
| 117 static std::vector<string16> GetPermissionMessageStrings( |
| 118 const Extension* extension); |
| 119 |
| 120 // Returns true if the given |extension| can execute script on a page. If a |
| 121 // UserScript object is passed, permission to run that specific script is |
| 122 // checked (using its matches list). Otherwise, permission to execute script |
| 123 // programmatically is checked (using the extension's host permission). |
| 124 // |
| 125 // This method is also aware of certain special pages that extensions are |
| 126 // usually not allowed to run script on. |
| 127 static bool CanExecuteScriptOnPage(const Extension* extension, |
| 128 const GURL& document_url, |
| 129 const GURL& top_document_url, |
| 130 int tab_id, |
| 131 const UserScript* script, |
| 132 std::string* error); |
| 133 |
| 134 // Returns true if the given |extension| is a COMPONENT extension, or if it is |
| 135 // on the whitelist of extensions that can script all pages. |
| 136 static bool CanExecuteScriptEverywhere(const Extension* extension); |
| 137 |
| 138 // Returns true if the |extension| is allowed to obtain the contents of a |
| 139 // page as an image. Since a page may contain sensitive information, this |
| 140 // is restricted to the extension's host permissions as well as the |
| 141 // extension page itself. |
| 142 static bool CanCaptureVisiblePage(const Extension* extension, |
| 143 const GURL& page_url, |
| 144 int tab_id, |
| 145 std::string* error); |
| 146 |
| 147 // Parse the permissions of a given extension in the initialization process. |
| 148 bool ParsePermissions(Extension* extension, string16* error); |
| 149 |
| 150 // Finalize permissions after the initialization process completes. |
| 151 void FinalizePermissions(Extension* extension); |
| 152 |
| 46 private: | 153 private: |
| 47 struct InitialPermissions; | 154 struct InitialPermissions; |
| 155 typedef std::map<int, scoped_refptr<const PermissionSet> > TabPermissionsMap; |
| 48 | 156 |
| 49 // Temporary permissions during the initialization process; NULL after | 157 // Temporary permissions during the initialization process; NULL after |
| 50 // initialization completes. | 158 // initialization completes. |
| 51 scoped_ptr<InitialPermissions> initial_required_permissions_; | 159 scoped_ptr<InitialPermissions> initial_required_permissions_; |
| 52 scoped_ptr<InitialPermissions> initial_optional_permissions_; | 160 scoped_ptr<InitialPermissions> initial_optional_permissions_; |
| 53 | 161 |
| 54 // The set of permissions the extension can request at runtime. | 162 // The set of permissions the extension can request at runtime. |
| 55 scoped_refptr<const PermissionSet> optional_permission_set_; | 163 scoped_refptr<const PermissionSet> optional_permission_set_; |
| 56 | 164 |
| 57 // The extension's required / default set of permissions. | 165 // The extension's required / default set of permissions. |
| 58 scoped_refptr<const PermissionSet> required_permission_set_; | 166 scoped_refptr<const PermissionSet> required_permission_set_; |
| 59 | 167 |
| 168 mutable base::Lock runtime_lock_; |
| 169 |
| 170 // The permission's which are currently active on the extension during |
| 171 // runtime. |
| 172 mutable scoped_refptr<const PermissionSet> active_permissions_; |
| 173 |
| 174 mutable TabPermissionsMap tab_specific_permissions_; |
| 175 |
| 60 DISALLOW_COPY_AND_ASSIGN(PermissionsData); | 176 DISALLOW_COPY_AND_ASSIGN(PermissionsData); |
| 61 }; | 177 }; |
| 62 | 178 |
| 63 } // namespace extensions | 179 } // namespace extensions |
| 64 | 180 |
| 65 #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ | 181 #endif // CHROME_COMMON_EXTENSIONS_PERMISSIONS_PERMISSIONS_DATA_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14651017:
Move RuntimeData and related permissions out of Extension class (Closed)
Base URL: http://git.chromium.org/chromium/src.git@dc_unref_permissions